On Aug 28 18:46, Takashi Yano wrote: > Previously, the number of command line args was not checked for > cygwin process. Due to this, segmentation fault was caused if too > many command line args are specified. > https://cygwin.com/pipermail/cygwin/2023-August/254333.html > > Since char *argv[argc + 1] is placed on the stack in dll_crt0_1(), > STATUS_STACK_OVERFLOW occurs if the stack does not have enough > space. > > With this patch, the total length of the arguments and the size of > argv[] is restricted to 1/4 of total stack size for the process, and > spawnve() returns E2BIG if the size exceeds the limit. > [...] > +static size_t > +get_stack_size (const WCHAR *filename) > +{ > + HANDLE h; > + h = CreateFileW (filename, GENERIC_READ, FILE_SHARE_READ, > + NULL, OPEN_EXISTING, 0, NULL); > + char buf[1024]; > + DWORD n; > + ReadFile (h, buf, sizeof (buf), &n, 0); > + CloseHandle (h); > + IMAGE_NT_HEADERS32 *p = (IMAGE_NT_HEADERS32 *) memmem (buf, n, "PE\0\0", > 4); > + if (!p) > + return 0; > + if ((char *) &p->OptionalHeader.SizeOfStackCommit > buf + n) > + return 0; /* buf[] is not enough */ > + if (p->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) > + return p->OptionalHeader.SizeOfStackReserve; > + IMAGE_NT_HEADERS64 *p64 = (IMAGE_NT_HEADERS64 *) p; > + if ((char *) &p64->OptionalHeader.SizeOfStackCommit > buf + n) > + return 0; /* buf[] is not enough */ > + return p64->OptionalHeader.SizeOfStackReserve; > +}
Sorry, but this proposal is too complicated, IMHO. Checking the stacksize in the file header for each single execve is quite a bit time consuming, isn't it? The question is rather, why storing argv on the stack at all? I guess the original idea was that argv is always a rather overseeable number. But it doesn't have to stay on the stack. I tried this simple patch: diff --git a/winsup/cygwin/dcrt0.cc b/winsup/cygwin/dcrt0.cc index 49b7a44aeb15..961dea4ab993 100644 --- a/winsup/cygwin/dcrt0.cc +++ b/winsup/cygwin/dcrt0.cc @@ -978,11 +978,8 @@ dll_crt0_1 (void *) a change to an element of argv[] it does not affect Cygwin's argv. Changing the the contents of what argv[n] points to will still affect Cygwin. This is similar (but not exactly like) Linux. */ - char *newargv[__argc + 1]; - char **nav = newargv; - char **oav = __argv; - while ((*nav++ = *oav++) != NULL) - continue; + char **newargv = (char **) malloc ((__argc + 1) * sizeof (char **)); + memcpy (newargv, __argv, (__argc + 1) * sizeof (char **)); /* Handle any signals which may have arrived */ sig_dispatch_pending (false); _my_tls.call_signal_handler (); and the testcase `LC_ALL=C sed 's/x/y/' $(seq 1000000)' simply ran as desired. Combined with a bit of error checking... > diff --git a/winsup/cygwin/sysconf.cc b/winsup/cygwin/sysconf.cc > index 2db92e4de..6cb2aecd0 100644 > --- a/winsup/cygwin/sysconf.cc > +++ b/winsup/cygwin/sysconf.cc > @@ -21,6 +21,13 @@ details. */ > #include "cpuid.h" > #include "clock.h" > > +#define DEFAULT_STACKGUARD (wincap.def_guard_page_size() + wincap.page_size > ()) > +static long > +get_arg_max (int in) > +{ > + return (long) (get_rlimit_stack () + DEFAULT_STACKGUARD) / 4; > +} > + > static long > get_page_size (int in) > { > @@ -485,7 +492,7 @@ static struct > }; > } sca[] = > { > - {cons, {c:ARG_MAX}}, /* 0, _SC_ARG_MAX */ > + {func, {f:get_arg_max}}, /* 0, _SC_ARG_MAX */ > {cons, {c:CHILD_MAX}}, /* 1, _SC_CHILD_MAX */ > {cons, {c:CLOCKS_PER_SEC}}, /* 2, _SC_CLK_TCK */ > {cons, {c:NGROUPS_MAX}}, /* 3, _SC_NGROUPS_MAX */ > -- > 2.39.0 Along these lines, there's no reason to couple SC_ARG_MAX to the size of the stack. I'd propose to return the value 2097152. It's the default value returned by getconf ARG_MAX on LInx as well. Corinna